CVE-2022-41933
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the "Forgot your password" link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing to perform data leak of personal data from users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves to inform the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password have been leaked, and a second email using the reset password feature to ask them to set a new password. It's also possible for administrators to set some properties for the migration: it's possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won't be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 13.1RC1, < 13.10.8 Version: >= 14.0.0, < 14.4.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/443e8398b75a1295067d74afb5898370782d863a#diff-f8a8f8ba80dfc55f044e2e60b521ce379176430ca6921b0f87b79cf682531f79L322" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19869" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19945" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.1RC1, \u003c 13.10.8" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the \"Forgot your password\" link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing to perform data leak of personal data from users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves to inform the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password have been leaked, and a second email using the reset password feature to ask them to set a new password. It\u0027s also possible for administrators to set some properties for the migration: it\u0027s possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won\u0027t be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3" }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/443e8398b75a1295067d74afb5898370782d863a#diff-f8a8f8ba80dfc55f044e2e60b521ce379176430ca6921b0f87b79cf682531f79L322" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19869" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19945" } ], "source": { "advisory": "GHSA-q2hm-2h45-v5g3", "discovery": "UNKNOWN" }, "title": "Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41933", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-41933\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-11-23T21:15:10.813\",\"lastModified\":\"2024-11-21T07:24:06.053\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the \\\"Forgot your password\\\" link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing to perform data leak of personal data from users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves to inform the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password have been leaked, and a second email using the reset password feature to ask them to set a new password. It\u0027s also possible for administrators to set some properties for the migration: it\u0027s possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won\u0027t be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords.\"},{\"lang\":\"es\",\"value\":\"XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Cuando se utiliz\u00f3 la funci\u00f3n \\\"restablecer una contrase\u00f1a olvidada\\\" de XWiki, la contrase\u00f1a se almacen\u00f3 en texto plano en la base de datos. Esto s\u00f3lo afecta a XWiki 13.1RC1 y versiones m\u00e1s recientes. Tenga en cuenta que solo se refiere a la funci\u00f3n de restablecimiento de contrase\u00f1a disponible en el enlace \\\"Olvid\u00f3 su contrase\u00f1a\\\" en la vista de inicio de sesi\u00f3n: las funciones que permiten a un usuario cambiar su contrase\u00f1a o que un administrador cambie la contrase\u00f1a de un usuario no se ven afectadas. Esta vulnerabilidad es particularmente peligrosa en combinaci\u00f3n con otras vulnerabilidades que permiten realizar fugas de datos personales de los usuarios, como GHSA-599v-w48h-rjrm. Tenga en cuenta que esta vulnerabilidad s\u00f3lo afecta a los usuarios de la wiki principal: en el caso de las granjas, los usuarios registrados en la subwiki no se ven afectados gracias a un error que descubrimos al investigar esto. El problema se solucion\u00f3 en las versiones 14.6RC1, 14.4.3 y 13.10.8. El parche implica una migraci\u00f3n de los usuarios afectados, as\u00ed como del historial de la p\u00e1gina, para garantizar que ninguna contrase\u00f1a permanezca en texto plano en la base de datos. Esta migraci\u00f3n tambi\u00e9n implica informar a los usuarios sobre la posible divulgaci\u00f3n de sus contrase\u00f1as: de forma predeterminada, se env\u00edan autom\u00e1ticamente dos correos electr\u00f3nicos a los usuarios afectados. Un primer correo electr\u00f3nico para informar sobre la posibilidad de que se haya filtrado su contrase\u00f1a y un segundo correo electr\u00f3nico utilizando la funci\u00f3n de restablecimiento de contrase\u00f1a para pedirles que establezcan una nueva contrase\u00f1a. Tambi\u00e9n es posible que los administradores establezcan algunas propiedades para la migraci\u00f3n: es posible decidir si la contrase\u00f1a del usuario debe restablecerse (predeterminada) o si las contrase\u00f1as deben conservarse pero solo con hash. Tenga en cuenta que en la primera opci\u00f3n, los usuarios ya no podr\u00e1n iniciar sesi\u00f3n hasta que establezcan una nueva contrase\u00f1a si se vieron afectados. Tenga en cuenta que en ambas opciones se enviar\u00e1n correos electr\u00f3nicos a los usuarios para informarles y animarles a cambiar sus contrase\u00f1as.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"13.1\",\"versionEndExcluding\":\"13.10.8\",\"matchCriteriaId\":\"022A7CE9-58A5-440B-A626-A63666E566EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndExcluding\":\"14.4.3\",\"matchCriteriaId\":\"CF0D4D4B-363F-4D5D-B780-1CBCC1C202B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:13.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"948446E0-E5D0-4711-A763-1A050967EB0D\"}]}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/443e8398b75a1295067d74afb5898370782d863a#diff-f8a8f8ba80dfc55f044e2e60b521ce379176430ca6921b0f87b79cf682531f79L322\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-19869\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-19945\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/443e8398b75a1295067d74afb5898370782d863a#diff-f8a8f8ba80dfc55f044e2e60b521ce379176430ca6921b0f87b79cf682531f79L322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-19869\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-19945\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.